Security Expert Uncovers Serious iPhone SMS Vulnerability
Article by George Norman
On 06 Jul 2009
Security expert Charlie Miller, which you might remember from the PWN2OWN competition where he managed to hack into Apple’s Safari in about 10 seconds, has uncovered a rather nasty security vulnerability affecting the iPhone. The vulnerability that Charlie Miller uncovered refers to the manner in which the iPhone handles text messages (SMS), which in turn could grant a person with malicious intent to gain root access to the device.

Unfortunately for those of you that want more details on the matter, Charlie Miller could not provide in-depth details on the vulnerability he uncovered, for obvious security reasons. If the details were to be released before Apple has time to work on a fix then anyone could potentially exploit this SMS vulnerability.

Advertising

What we do know is this: the iPhone handles SMS messages in a dangerous manner that could allow a person with malicious intent to remotely install and run unsigned software code with root access on the device. The attacker could for example send software code on the iPhone via SMS and thanks to this malicious code the attacker could turn on the device’s microphone and listen in to your conversation, could turn on the device’s GPS and know precisely where you are, or could add the iPhone to a botnet or distributed denial of service attack.

It sounds gloom, I know, but there is one upside. Charlie Miller does not have an exploit for this vulnerability so far, just a very suspicious crash (he can crash part of the device and temporarily disconnect it from the network). On top of that Apple is reportedly already aware of this issue and is currently working with Miller on a patch. The fix is supposed to be rolled out later this month, before Charlie Miller is due to make a detailed presentation on how to “inject SMS messages into iPhone, Android, and Windows Mobile devices” at the Black Hat 2009 event (25th through 30th of July, Caesar’s Palace, Las Vegas).

In related news, we already know that Apple is working on the iPhone OS 3.1 update. Let’s just hope that alongside the fixes and improvements it has to offer, a fix for this SMS vulnerability is also included.



Tags: Apple, iPhone, SMS, Vulnerability, Charlie Miller
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 10 Jul 2017
With technology constantly evolving, many devices become obsolete and get replaced with something that's better, smaller, and probably a lot shinier.
By George Norman on 10 Jul 2017
Did you know that life is easier on iPhone? Put down the pitchforks for a moment and let me explain. And put out those torches as well...
By George Norman on 19 Jul 2017
Apple celebrated World Emoji Day by presenting 12 upcoming emoji characters that will be available across Apple devices later this year.
By George Norman on 09 Aug 2017
Android started out as an underdog, as the mobile operating system that nobody took seriously. Big-name tech companies laughed it off and critics said it would fail miserably, but Android proved them all wrong and become the powerhouse that it is today.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Security Expert Uncovers Serious iPhone SMS Vulnerability
HTML Linking Code